SHA256: ca2ef50363e017ec860ddf7b123fea9851d717cd06b7294098e32de6d6e6af90
File name: Macros.exe
Detection ratio: 9 / 56
Analysis date: 2017-01-01 13:17:01 UTC ( 2 years, 3 months ago )
Antivirus                Result                          Update
Ad-Aware                 Trojan.Generic.20120036         20170101
Arcabit                  Trojan.Generic.D13301E4         20170101
AVG                      MSIL10.CNUB                     20170101
BitDefender              Trojan.Generic.20120036         20170101
CrowdStrike Falcon (ML)  malicious_confidence_100% (D)   20161024
Emsisoft                 Trojan.Generic.20120036 (B)     20170101
F-Secure                 Trojan.Generic.20120036         20170101
Sophos ML                trojan.win32.skeeyah.a!rfn      20161216
eScan                    Trojan.Generic.20120036         20170101
AegisLab                 -                               20161231
AhnLab-V3                -                               20170101
Alibaba                  -                               20161223
ALYac                    -                               20170101
Antiy-AVL                -                               20170101
Avast                    -                               20170101
Avira (no cloud)         -                               20170101
AVware                   -                               20170101
Baidu                    -                               20161207
Bkav                     -                               20161229
CAT-QuickHeal            -                               20161231
ClamAV                   -                               20170101
CMC                      -                               20170101
Comodo                   -                               20170101
Cyren                    -                               20170101
DrWeb                    -                               20170101
ESET-NOD32               -                               20170101
F-Prot                   -                               20170101
Fortinet                 -                               20170101
GData                    -                               20170101
Ikarus                   -                               20170101
Jiangmin                 -                               20170101
K7AntiVirus              -                               20170101
K7GW                     -                               20170101
Kaspersky                -                               20170101
Kingsoft                 -                               20170101
Malwarebytes             -                               20170101
McAfee                   -                               20170101
McAfee-GW-Edition        -                               20170101
Microsoft                -                               20170101
NANO-Antivirus           -                               20170101
nProtect                 -                               20170101
Panda                    -                               20170101
Qihoo-360                -                               20170101
Rising                   -                               20170101
Sophos AV                -                               20170101
SUPERAntiSpyware         -                               20170101
Symantec                 -                               20170101
Tencent                  -                               20170101
TheHacker                -                               20161229
TrendMicro               -                               20170101
TrendMicro-HouseCall     -                               20170101
Trustlook                -                               20170101
VBA32                    -                               20161229
VIPRE                    -                               20170101
ViRobot                  -                               20170101
WhiteArmor               -                               20161221
Yandex                   -                               20161230
Zillya                   -                               20161231
Zoner                    -                               20161231
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-03-15 06:27:50
Entry Point 0x0000A7B1
Number of sections 5
Overlays
MD5 5003715dd3811436df9189b75bb25eaa
File type application/x-rar
Offset 155136
Size 1930089
Entropy 8.00
Offset plus size (155136 + 1930089) equals the 2085225-byte file size, so the RAR data appended after the PE image makes up all but the first 155136 bytes of the file, which matches the F-PROT RAR packer identification above; an entropy of 8.00 is what compressed data looks like.
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
RegQueryValueExA
SetFileSecurityW
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
GetDeviceCaps
GetObjectA
DeleteDC
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetSystemTime
GetLastError
HeapFree
GetStdHandle
SystemTimeToFileTime
ReadFile
FileTimeToSystemTime
lstrlenA
lstrcmpiA
WaitForSingleObject
LoadLibraryA
FreeLibrary
FindNextFileA
HeapAlloc
SetFileTime
GetVersionExA
GetModuleFileNameA
IsDBCSLeadByte
GetCPInfo
GetCurrentProcess
GetDateFormatA
FileTimeToLocalFileTime
GetCurrentDirectoryA
CreateFileMappingA
GetLocaleInfoA
CreateDirectoryA
DeleteFileA
OpenFileMappingA
ExitProcess
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
SetFileAttributesA
GetModuleFileNameW
SetFilePointer
GetTempPathA
SetEndOfFile
DosDateTimeToFileTime
CloseHandle
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
FindNextFileW
GetFileAttributesA
WriteFile
FindFirstFileA
GetTimeFormatA
GetCommandLineA
FindFirstFileW
HeapReAlloc
MoveFileExA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
GetFullPathNameA
MoveFileA
GetFileAttributesW
GetNumberFormatA
UnmapViewOfFile
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
SetFileAttributesW
CreateFileA
GetTickCount
FindResourceA
SetCurrentDirectoryA
SetLastError
CompareStringA
VariantInit
SHGetFileInfoA
ShellExecuteExA
SHChangeNotify
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
DefWindowProcA
ShowWindow
GetSystemMetrics
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
CharToOemBuffA
IsWindow
GetWindowRect
DispatchMessageA
EnableWindow
SetMenu
SetDlgItemTextA
PostMessageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
wvsprintfA
TranslateMessage
DialogBoxParamA
GetWindow
CharUpperA
GetDC
RegisterClassExA
ReleaseDC
SetWindowTextA
DestroyIcon
GetWindowLongA
IsWindowVisible
SendMessageA
GetWindowTextA
GetClientRect
CreateWindowExA
GetDlgItem
OemToCharBuffA
LoadIconA
wsprintfA
FindWindowExA
GetSysColor
LoadCursorA
OemToCharA
LoadStringA
CopyRect
WaitForInputIdle
GetClassNameA
GetMessageA
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_DIALOG 6
RT_STRING 5
RT_ICON 1
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN NEUTRAL 13
NEUTRAL DEFAULT 2
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2010:03:15 07:27:50+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 67584
LinkerVersion: 9.0
ImageFileCharacteristics: No relocs, Executable, 32-bit
EntryPoint: 0xa7b1
InitializedDataSize: 86528
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0
File identification
MD5 d04e894e02ffbc6a55d4077b812896aa
SHA1 04476c3d041ace0a95c774f873d4f0a9381ac5e0
SHA256 ca2ef50363e017ec860ddf7b123fea9851d717cd06b7294098e32de6d6e6af90
ssdeep 49152:NuXaoVSTxO86zuxxsV2MM8dGGCYcUXMBetF27tHHP:NuKSSA85xSVPM0GXUXMBetF2pHP
authentihash 1d1524c31b4e3ac3b29fda862dafaeb92a53641b926454030da367336c3da5a5
imphash 9402b48d966c911f0785b076b349b5ef
File size 2.0 MB ( 2085225 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
     Win64 Executable (generic) (36.3%)
     Win32 Dynamic Link Library (generic) (8.6%)
     Win32 Executable (generic) (5.9%)
     OS/2 Executable (generic) (2.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-01-01 13:17:01 UTC ( 2 years, 3 months ago )
Last submission 2019-02-04 12:08:38 UTC ( 2 months, 2 weeks ago )
File names ca2ef50363e017ec860ddf7b123fea9851d717cd06b7294098e32de6d6e6af90.bin
Macros.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
UDP communications